“Our only comment about Google Street View is the investigation is active and ongoing,” Connecticut Attorney General George Jepsen’s spokesperson told the Wall Street Journal. The Constitution State lead the charge against the search giant back in 2010.

The anonymous sources indicated that a formal settlement announcement would come “early next week.”

27 Reader Comments

Just curious: If I'm on an encrypted network,and I'm exchanging information from my computer to my router, anyone passing by in range, with a packet sniffer, can grab those (encrypted) packets without actually being connected to the network, right?

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

No. they did something quite wrong: they stole data that was private but wasn't encrypted. you don't see people opening your mail and saying "well, it's not INSIDE your house while it's being delivered now is it?".

Just curious: If I'm on an encrypted network,and I'm exchanging information from my computer to my router, anyone passing by in range, with a packet sniffer, can grab those (encrypted) packets without actually being connected to the network, right?

You can learn a lot about wifi by hacking yourself. Load kismet on a linux PC. You need certain wifi adapters that allow monitoring. To monitor a channel, you need to tell kismet to park on that channel. You will need wireshark to see the packets.

Your encrypted packets are secure. Routing data is not.

Your home wifi router can be a bit chatty. If you don't have the wifi ports isolated using ddwrt, all your network devices can be seen. In the old days, that just meant all the computers you own can be detected. So a geeky thief looking for some overprice apple toy knows where to go. Oh, and that networked flat screen TV can be detected. Sonus? No problem see those things yoo. Wireless cameras? Yep. Now detected does not mean hacked. Rather it is easy to inventory what is on the network via sniffing your packets.

What else? Well if you have wifi profiles stored in your phone or notebook for automatic connection, they will chirp out all the WAPs that you frequent. So if you had a one nighter at the Love Motel and stored the wifi info, that can be detected. The MAC of your device can be logged as well. Since many people have unique SSIDs at home, some sleezebag could get the SSID of that hot babe at Starbucks and in the old days use the google SSID database to get longitude and lattitude. That hole is patched. But the jerk could troll around town looking for your phone.

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

I used to say that, but this is one of those rare cases where finally I can't come down on Google's side. It is certainly true that Google didn't have any nefarious intentions, and certainly true that they didn't use the data collected for anything, but nonetheless their claim that it was unintentional doesn't hold water. It has become clear that the engineer involved DID discuss this issue with his management, who didn't stop it, and the fact of the discussion means that the engineer knew he was breaking the law.

It sounds to me like his thinking was: "Well, this could technically be in violation of a law, but since I'm just gathering the data as an experiment with no intention to use the data directly, and will eventually throw it away, it's all ok in the end". That kind of thinking is the kind of heedless engineer-think that needs to be cracked down on. Engineers do not get a privacy free-pass when manipulating other people's information. The fact that Google still employs him is pretty scandalous, I think, and they deserve the penalty. And this is coming from a Google fan.

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

No. they did something quite wrong: they stole data that was private but wasn't encrypted. you don't see people opening your mail and saying "well, it's not INSIDE your house while it's being delivered now is it?".

Whatever. From FCC themselves: "The FCC also said that it determined, lacking further information on the nature of the collection, that there was no precedent for applying the laws under which the investigation was launched—the Wiretap Act and the Communications Act—because the traffic intercepted by Google was not encrypted."

Meaning, they know they have no legal standing. Google settling is not an admission of guilt, they just want the story finished.

You might say they are morally wrong. That maybe and google themselves have basically admitted that many times.

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

I used to say that, but this is one of those rare cases where finally I can't come down on Google's side. It is certainly true that Google didn't have any nefarious intentions, and certainly true that they didn't use the data collected for anything, but nonetheless their claim that it was unintentional doesn't hold water. It has become clear that the engineer involved DID discuss this issue with his management, who didn't stop it, and the fact of the discussion means that the engineer knew he was breaking the law.

It sounds to me like his thinking was: "Well, this could technically be in violation of a law, but since I'm just gathering the data as an experiment with no intention to use the data directly, and will eventually throw it away, it's all ok in the end". That kind of thinking is the kind of heedless engineer-think that needs to be cracked down on. Engineers do not get a privacy free-pass when manipulating other people's information. The fact that Google still employs him is pretty scandalous, I think, and they deserve the penalty. And this is coming from a Google fan.

The whole "it wasn't us, it was the engineer" shenanigan is such a blatant spin that I'm shocked you actually believed it. they say it was some engineer, but they don't disclose his name. nothing fishy in that at all. if he was a rouge engineer he went against the company and the company should hand him over to the authorities instead of taking the heat for something they allegedly didn't do.But it's not what happened. they knew full well what they are doing and were just taking baby steps to cross yet another line of privacy.And who says they discarded the data? I, for one, don't believe them. their business is data, who in their right mind would throw it away?

I'm a Google fan for a long time and yet I don't believe the stuff they feed the world about this scandal.

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

No. they did something quite wrong: they stole data that was private but wasn't encrypted. you don't see people opening your mail and saying "well, it's not INSIDE your house while it's being delivered now is it?".

Whatever. From FCC themselves: "The FCC also said that it determined, lacking further information on the nature of the collection, that there was no precedent for applying the laws under which the investigation was launched—the Wiretap Act and the Communications Act—because the traffic intercepted by Google was not encrypted."

Meaning, they know they have no legal standing. Google settling is not an admission of guilt, they just want the story finished.

You might say they are morally wrong. That maybe and google themselves have basically admitted that many times.

Just curious: If I'm on an encrypted network,and I'm exchanging information from my computer to my router, anyone passing by in range, with a packet sniffer, can grab those (encrypted) packets without actually being connected to the network, right?

You can learn a lot about wifi by hacking yourself. Load kismet on a linux PC. You need certain wifi adapters that allow monitoring. To monitor a channel, you need to tell kismet to park on that channel. You will need wireshark to see the packets.

Your encrypted packets are secure. Routing data is not.

Your home wifi router can be a bit chatty. If you don't have the wifi ports isolated using ddwrt, all your network devices can be seen. In the old days, that just meant all the computers you own can be detected. So a geeky thief looking for some overprice apple toy knows where to go. Oh, and that networked flat screen TV can be detected. Sonus? No problem see those things yoo. Wireless cameras? Yep. Now detected does not mean hacked. Rather it is easy to inventory what is on the network via sniffing your packets.

What else? Well if you have wifi profiles stored in your phone or notebook for automatic connection, they will chirp out all the WAPs that you frequent. So if you had a one nighter at the Love Motel and stored the wifi info, that can be detected. The MAC of your device can be logged as well. Since many people have unique SSIDs at home, some sleezebag could get the SSID of that hot babe at Starbucks and in the old days use the google SSID database to get longitude and lattitude. That hole is patched. But the jerk could troll around town looking for your phone.

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

I used to say that, but this is one of those rare cases where finally I can't come down on Google's side. It is certainly true that Google didn't have any nefarious intentions, and certainly true that they didn't use the data collected for anything, but nonetheless their claim that it was unintentional doesn't hold water. It has become clear that the engineer involved DID discuss this issue with his management, who didn't stop it, and the fact of the discussion means that the engineer knew he was breaking the law.

It sounds to me like his thinking was: "Well, this could technically be in violation of a law, but since I'm just gathering the data as an experiment with no intention to use the data directly, and will eventually throw it away, it's all ok in the end". That kind of thinking is the kind of heedless engineer-think that needs to be cracked down on. Engineers do not get a privacy free-pass when manipulating other people's information. The fact that Google still employs him is pretty scandalous, I think, and they deserve the penalty. And this is coming from a Google fan.

The whole "it wasn't us, it was the engineer" shenanigan is such a blatant spin that I'm shocked you actually believed it. they say it was some engineer, but they don't disclose his name. nothing fishy in that at all. if he was a rouge engineer he went against the company and the company should hand him over to the authorities instead of taking the heat for something they allegedly didn't do.But it's not what happened. they knew full well what they are doing and were just taking baby steps to cross yet another line of privacy.And who says they discarded the data? I, for one, don't believe them. their business is data, who in their right mind would throw it away?

I'm a Google fan for a long time and yet I don't believe the stuff they feed the world about this scandal.

First of all, the name of the engineer IS known, although Google didn't release it. It was Marius Milner, who wrote NetStumbler. You know, the wardriving tool? You know, wardriving, the practice of illegally using other people's wifi networks?

I formed my opinion about this by combining the facts that are known, with my own knowledge of how programmers think and how Google operates. I don't buy Google's PR line, nor do I buy into the conspiracy theories that say "they collected it, therefore they must have been doing something with it" without any evidence. I don't believe there is any evidence they used the data, or that they had any intention of using it, or that it was part of some larger plan within the company. If you have such evidence, whip it out, otherwise you are just speculating.

There is no doubt at least one person at Google knew this was wrong, and there is no doubt Google is stonewalling and trying to dodge a bullet. But that is as far as it goes.

So does the 7 million go into the pockets of citizens who's privacy was violated or to the state to line their already bloated budgets? Because I don't understand the purpose of these fines if they don't go to help the violated.

It sounds to me like his thinking was: "Well, this could technically be in violation of a law, but since I'm just gathering the data as an experiment with no intention to use the data directly, and will eventually throw it away, it's all ok in the end". That kind of thinking is the kind of heedless engineer-think that needs to be cracked down on. Engineers do not get a privacy free-pass when manipulating other people's information.

It's not even technically against the law, no pseudo veil of anonymity had been lifted, no ones "privacy" was violated.

AreWeThereYeti wrote:

First of all, the name of the engineer IS known, although Google didn't release it. It was Marius Milner, who wrote NetStumbler. You know, the wardriving tool? You know, wardriving, the practice of illegally using other people's wifi networks?

Wardriving isn't illegal, it's the digital equivalent to bird watching or train spotting, you might be thinking of piggybacking, which is accessing networks that arent your own (and even that is a bit of an untested gray area legally).

sprockkets wrote:

Why should a CT attorney general have any reason to just demand the data retrieved from the street view cars?

Makes his ego bigger when he can successfully bully people into getting something from someone else, even if he has no use for it.

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

If I went driving around and snatched network information I wasn't supposed to have, whether protected or not, I'd be in trouble for unauthorized access to a computer network. Why should Google, or any other corporation, get a free pass for it?

Is wardriving stalking?With a nod towards blind people, is it illegal in the general case for people to see others?With a nod towards deaf people, is it illegal in the general case for people to hear others?

Just curious: If I'm on an encrypted network,and I'm exchanging information from my computer to my router, anyone passing by in range, with a packet sniffer, can grab those (encrypted) packets without actually being connected to the network, right?

There is difference between reading the information and building a database about it.

For example with credit card transaction, you can ask for security code on the back of the card but you are not allowed to store it.

So does the 7 million go into the pockets of citizens who's privacy was violated or to the state to line their already bloated budgets? Because I don't understand the purpose of these fines if they don't go to help the violated.

I don't understand how this is preventing other people from wardriving in the future. Doesn't the same vulnerability still exist? Now, why is Google being singled out for punishment regarding this offense ... were they too forthcoming?

Why do they have to settle? They haven't done anything wrong, they should have just gone to court and won.

If I went driving around and snatched network information I wasn't supposed to have, whether protected or not, I'd be in trouble for unauthorized access to a computer network. Why should Google, or any other corporation, get a free pass for it?

Wrong, and really sad that still after so many articles explaining how this isn't illegal, 6 people still managed to rate you up.

"The FCC also said that it determined, that there was no precedent for applying the laws under which the investigation was launched—the Wiretap Act and the Communications Act—because the traffic intercepted by Google was not encrypted."

If this were Apple, this would be the end of the world post. Now, it's just a footnote, where people make nice goody goody jokes about one of the worst search monopolists out there stopping at nothing to get the best out of every single bit of data from your Gmail account. It's quite masterful how Google mastered the proper public relations strategy.

There is nothing illegal about gleaning SSID and related information. They fall into the spectrum of public broadcast, anyone with the adequate equipment to hear said broadcast is welcome to it.

Even in the case of encrypted traffic over public spectrum, you are welcome to record it, and without going into to much legal detail about it, there are cases where decryption is not expressly forbidden.

Having WiFi is like posting a giant neon sign on your front lawn. "We are the "EatAtJoe's" WiFi family, and no less than 7 devices have been known to connect to our network in the period of time you were staring at this sign."

It is up to the individual to read that sign or not, it is not, however analogous to mail which is stored on private property, in a private mail receptical, and where I come from (Canada) viewed as a matter of national security. It has been known to be referred to as "The Queen's Mail" as every letter is to be delivered with the knowledge that this letter could be for or from The Queen.

There is nothing inherently wrong about war-driving, similarly there is nothing inherently wrong with using a list of well-known SSIDs along with relative location-data to ascertain more specific location information and clarity.

Remember, not wire-tapping, public broadcast. HUGE difference, don't like it? Don't use public spectrum.